If for some reason you need to supply a client certificate when making an LDAP connection, you must supply these directives in the same place as the AuthType directive.
# Basic authentication against LDAP over ldaps://, presenting a client certificate
<Location /secure-ldap-basic>
    AuthType basic
    AuthName "LDAP signin required"
    AuthBasicProvider ldap
    AuthLDAPUrl ldaps://ldap.example.com/ SSL
    # Client private key and certificate, both PEM (base64) encoded
    LDAPTrustedClientCert KEY_BASE64 /etc/pki/tls/private/www.example.com.key
    LDAPTrustedClientCert CERT_BASE64 /etc/pki/tls/certs/www.example.com.cert
    Require valid-user
</Location>

# Form authentication against LDAP upgraded with STARTTLS, presenting a client certificate
<Location /secure-ldap-form>
    AuthType form
    AuthName realm
    AuthFormProvider ldap
    AuthLDAPUrl ldap://ldap.example.com/ STARTTLS
    # Client private key and certificate, both PEM (base64) encoded
    LDAPTrustedClientCert KEY_BASE64 /etc/pki/tls/private/www.example.com.key
    LDAPTrustedClientCert CERT_BASE64 /etc/pki/tls/certs/www.example.com.cert
    Require valid-user
    AuthFormLoginRequiredLocation /login?%{REQUEST_URI}
    # Encrypted session cookie that holds the form login
    Session On
    SessionCookieName session path=/
    SessionCryptoPassphrase <passphrase>
</Location>
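
The placement rule above can be checked before a reload. The following linter is an added example, not part of the original page or of httpd: it flags any container that carries LDAPTrustedClientCert without AuthType, or whose AuthLDAPUrl uses neither ldaps:// nor an SSL/TLS/STARTTLS mode. Assumptions: the names `lint` and `check` are hypothetical, one directive per line, and a global LDAPTrustedMode is not taken into account.

```python
import re

# Constructed sample: /ok follows the page; /bad omits AuthType and TLS.
SAMPLE = """\
<Location /ok>
AuthType basic
AuthBasicProvider ldap
AuthLDAPUrl ldaps://ldap.example.com/ SSL
LDAPTrustedClientCert KEY_BASE64 /etc/pki/tls/private/www.example.com.key
LDAPTrustedClientCert CERT_BASE64 /etc/pki/tls/certs/www.example.com.cert
</Location>
<Location /bad>
AuthLDAPUrl ldap://ldap.example.com/
LDAPTrustedClientCert CERT_BASE64 /etc/pki/tls/certs/www.example.com.cert
</Location>
"""

OPEN = re.compile(r"<(\w+)\s+([^>]*)>")
CLOSE = re.compile(r"</\w+>")
TLS_MODES = {"SSL", "TLS", "STARTTLS"}  # AuthLDAPUrl modes that encrypt

def check(name, directives):
    """Findings for one container that carries LDAPTrustedClientCert."""
    keys = [d[0].lower() for d in directives]  # directive names are case-insensitive
    if "ldaptrustedclientcert" not in keys:
        return []
    out = []
    if "authtype" not in keys:
        out.append((name, "no-authtype"))  # the page's placement rule
    for d in directives:
        if d[0].lower() == "authldapurl" and len(d) > 1:
            url = d[1].strip('"').lower()
            mode = d[2].upper() if len(d) > 2 else "NONE"
            if not url.startswith("ldaps://") and mode not in TLS_MODES:
                out.append((name, "no-tls"))  # no TLS, so no client cert is sent
    return out

def lint(conf):
    """Return (container, code) pairs; hypothetical helper, not an httpd tool."""
    findings, stack = [], []
    for line in (raw.strip() for raw in conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = OPEN.fullmatch(line)
        if m:
            stack.append((m.group(2).strip(), []))  # open a container
        elif CLOSE.fullmatch(line):
            if stack:
                findings += check(*stack.pop())  # evaluate on close
        elif stack:
            stack[-1][1].append(line.split())  # directive in innermost container
    return findings
```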